Administrative fine of 100,000 euros imposed by the Italian Data Protection Authority on a bank for violating the data subject’s right of access
The National Center for Personal Data Protection (NCPDP), for information and application purposes, reports on the administrative fine of 100,000 euros imposed by the Italian Data Protection Authority (SA) on the company Banco Bilbao Vizcaya Argentaria SA for violating Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject) and Article 15 (Right of access by the data subject) of the GDPR.
A bank customer who had fallen victim to fraud requested access to the records of calls made to the customer service, which were essential for contesting a transfer of approximately 10,000 euros and for clarifying the circumstances of the incident. As the bank did not provide a satisfactory response within the legal deadline, the customer filed a complaint with the Italian SA. The records were transmitted only after the Authority had initiated an investigation, thus exceeding the 30-day deadline provided for by the GDPR.
During the investigation, the Italian SA emphasized that, in accordance with Guidelines 01/2022 of the European Data Protection Board on the right of access, telephone calls between customers and banks also constitute personal data. They must therefore be made available to the data subject upon request, while respecting the rights of any third parties involved.
In this context, the Italian SA imposed an administrative fine of 100,000 euros on the company Banco Bilbao Vizcaya Argentaria SA. When setting the amount of the fine, the Authority took into account the bank’s turnover, its cooperation during the investigation and the absence of previous infringements.
NCPDP, as the national supervisory authority for the processing of personal data, emphasizes the responsibility of personal data controllers to comply with the provisions of the legislative framework on the protection of personal data and to ensure that personal data processing operations comply with the legislation in force.